/**
 * 
 */
package com.neal.service.securities.authrity;

import java.util.Collection;
import java.util.Iterator;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;


/**
 * @author Neal
 * @version 1.0
 * @description 
 */
public class AccessDecisionManagerBean implements AccessDecisionManager{

	/* (non-Javadoc)
	 * @see org.springframework.security.access.AccessDecisionManager#decide(org.springframework.security.core.Authentication, java.lang.Object, java.util.Collection)
	 */
	@Override
	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException,
			InsufficientAuthenticationException {
		if (null == configAttributes || configAttributes.size() <= 0) {  
            return;  
        }  
          
        String needRole = null;  
        for (Iterator<ConfigAttribute> iter = configAttributes.iterator(); iter.hasNext(); ) {  
            needRole = iter.next().getAttribute();  
              
            for (GrantedAuthority ga : authentication.getAuthorities()) {  
                if (needRole.trim().equals(ga.getAuthority())) {  
                    return;  
                }  
            }  
        }  
          
        throw new AccessDeniedException("not permission！");  
	}

	/* (non-Javadoc)
	 * @see org.springframework.security.access.AccessDecisionManager#supports(org.springframework.security.access.ConfigAttribute)
	 */
	@Override
	public boolean supports(ConfigAttribute attribute) {
		return true;
	}

	/* (non-Javadoc)
	 * @see org.springframework.security.access.AccessDecisionManager#supports(java.lang.Class)
	 */
	@Override
	public boolean supports(Class<?> clazz) {
		return true;
	}

}
